All the steps and code snippets from my tutorial series Set up an Ubuntu Web Server on an Intel NUC
Get an Ubuntu image for your NUC
sudo apt update -y && sudo apt upgrade -y
sudo su
su lightdm -s /bin/bash
dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
exit
exit
- Go to Network > Choose your Network > IPv4 Settings
- Set "Method" to "Manual"
- Add a static IP address, I picked 192.168.1.100
- Set the netmask. You can find the netmask by running ifconfig
- Set the gateway. You can find the gateway by running ip route show
- Set DNS servers, I used Google's 8.8.8.8, 8.8.4.4
Log in to your router's admin and configure port forwarding for 80, 443, and 22222 (or whatever port you pick for ssh)
Install OpenSSH server
sudo apt install -y openssh-server
Edit /etc/ssh/sshd_config and change the Port to your preferred port
Create a keypair on your computer, and send the public key to the server:
ssh-copy-id -i ~/.ssh/keyfilenamehere -p 22222 user@host
Add this config to the bottom of /etc/ssh/sshd_config to disable password login:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
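sshd uses the first value it reads for each keyword, so the lines appended above have no effect if the stock file still sets the same keyword earlier. The script below is an added example, not part of the original tutorial: it reports the value that wins in the global section of a config file, using a constructed sample; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the tutorial). sshd keeps the FIRST value it reads
# for each keyword, so a line appended at the bottom of sshd_config loses to an
# earlier uncommented line. Assumptions of this sketch: Include directives are
# not followed, and only the global section (before any Match block) is read.

effective() {  # usage: effective <config-file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print $2; exit }  # first value wins
    ' "$1"
}

check_hardening() {  # usage: check_hardening <config-file>; returns 1 on a miss
    rc=0
    for kw in ChallengeResponseAuthentication PasswordAuthentication UsePAM; do
        val=$(effective "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok    $kw no"
        else
            echo "FAIL  $kw is '${val:-unset}', expected 'no'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a stock "yes" line left in place, hardening appended below.
write_sample() {  # usage: write_sample <path>
    cat > "$1" <<'EOF'
Port 22222
PasswordAuthentication yes
# ...rest of the stock file...
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_hardening "$sample" || echo "edit or comment out the earlier line instead"
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the effective configuration with Include files resolved. The new settings apply once sshd is restarted.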
Install fail2ban
sudo apt install -y fail2ban
Copy the fail2ban default configuration to a file we can safely edit
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the /etc/fail2ban/jail.local file, and scroll to the [ssh] jail section, add:
enabled = true
Change the port to the port ssh is running on (22222 for me)
Restart fail2ban to apply configuration changes:
sudo systemctl restart fail2ban
I use no-ip... get a wildcard domain name that comes with Dynamic DNS.
Set up their dynamic updater so the Dynamic DNS part works.
Install Certbot
sudo apt-get update -y
sudo apt-get install -y software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update -y
sudo apt-get install -y certbot
Get an HTTPS certificate and private key:
sudo certbot certonly --standalone -d example.com -d www.example.com
Install Docker for Ubuntu
I added this nginx config into ~/apps/nginx-app-router/nginx.conf and then I ran
sudo docker run \
  --volume /home/eric/apps/nginx-app-router/nginx.conf:/etc/nginx/nginx.conf:ro \
  --volume /etc/letsencrypt:/etc/letsencrypt \
  --publish 80:80 \
  --publish 443:443 \
  --detach \
  --restart always \
  nginx
Edit the NGINX configuration at ~/apps/nginx-app-router/nginx.conf to add a server block for the app, specifying the subdomain, port, and the NUC's static IP address:
server {
  listen 443 ssl;
  server_name next-subways.curious-directory.com;
  location / {
    proxy_pass http://192.168.1.100:8002;
  }
}
Build a Docker image:
sudo docker build --tag next-subways .
Run the image:
sudo docker run \
  --detach \
  --publish 8002:8080 \
  --env NODE_ENV='production' \
  --env MTA_API_KEY="$API_KEY" \
  --restart always \
  next-subways